3 Answers
3

The Clipboard can be used to store data, such as text and images. Because the Clipboard is shared by all active processes, it can be used to transfer data between them.

This should probably apply to Linux machines as well.

Is this a concern? No. For someone to exploit this, he would have to have malware on your machine capable of reading data from the clipboard. If he has the capability of getting malware on your machine, you have much bigger things to worry about as there are plenty of other stuff he can do, including keyloggers and the like.

Note that several (all?) password managers use the clipboard for password entry. While one has to be careful with arguments to popularity or to absence of harmful effects, we aren't seeing floods of compromises that are specific to password managers and clipboard usage.
–
Jonathan GarberMar 30 '13 at 2:39

1

@JonathanGarber From the KeePass site - Timed clipboard clearing: KeePass can clear the clipboard automatically some time after you've copied one of your passwords into it. Like I said though, if you can't trust your computer, you are basically screwed.
–
Terry ChiaMar 30 '13 at 2:44

3

Keyloggers usually would require admin privilege, but you don't usually need any special privileges to read the clipboard.
–
Lie RyanAug 20 '14 at 14:42

Aside from the clipboard contents being available for snooping, there have been exploits where web pages can grab your clipboard data, and one where web ads written in Flash (this was before version 10) could stuff malware URLs onto your clipboard, in hopes that unsuspecting users would paste them into e-mail, blogs, etc., without noticing what they contained. Since my clipboard extender (ClipMate) acted as an early-warning to the malicious activity, my blog post was cited quite a bit.http://www.clipboardextender.com/defective-apps/clipboard-virus-not-exactly-but-still-dangerous

This is insecure; as the MSDN article notes, the data can be read by other users (and by unprivileged users). Someone who could not necessarily install other malware could still read the clipboard data.

When it would be a "bad idea" depends on what might be running on the system, how sensitive the password is, etc.

No, other unprivileged users can't get the content of the clipboard: the clipboard is specific to a session. It doesn't make it secure from applications running in the same user context, though.
–
StephaneFeb 10 at 9:02